<?php
// Action dispatcher for the room-reservation / file-sharing app.
// Reads ?action=... plus POSTed form fields, queries MySQL through the legacy
// ext/mysql API wrapped by stdb::q(), and echoes HTML fragments back.
//
// Review notes (from this file alone; the helpers live in functions.php /
// user.class.php and are not visible here):
//  - Every query below is assembled by concatenating $_POST values. The only
//    protection is mysql_safer() (not visible) — presumably it escapes the
//    request arrays in place, so safety depends on it being called before each
//    query and covering every key that is used. Prepared statements
//    (PDO / mysqli) would remove that dependency entirely.
//  - ext/mysql (mysql_num_rows, mysql_fetch_array) was removed in PHP 7, so this
//    code only runs on PHP 5.x.
//  - Passwords are stored as md5(md5(password)): unsalted and fast to brute
//    force. password_hash()/password_verify() (re-hashing on successful login)
//    is the standard replacement.
//  - Database values are echoed into HTML without htmlspecialchars(), so any
//    stored content is rendered unescaped (stored XSS risk).
//  - The logged-in user is rebuilt with unserialize() from $_SESSION['userc'];
//    this is server-side data, but the blob is trusted without any check.

error_reporting(E_ALL);
ini_set('display_errors', '0'); // report everything, but never print errors to the client
include_once 'user.class.php';
include_once 'functions.php';

// Start a session only if none is active yet.
$a = session_id();if(empty($a)) session_start();

$db=new stdb();
if(isset($_GET['action'])){


// --- action=log_in: check username/password, then set cookie + session -------
if(!strcmp($_GET['action'],"log_in")){
       // echo "login";
    if(isset($_POST["username"])&&isset($_POST["password"])){
        //echo $_POST["username"] . " " . $_POST["password"] . "<BR>";
       mysql_safer();
        // Double MD5 of the submitted password; compared against the 'parola' column.
        $hash=md5(md5($_POST["password"]));
        //echo "$hash";
        // NOTE(review): $class_db is used here and in cauta_tel, $db everywhere
        // else. $class_db is never assigned in this file — presumably a global
        // from functions.php; confirm, or use $db consistently.
        $sql_login = "Select * from utilizatori where username='$_POST[username]'";
        $rezultat = $class_db->q($sql_login);
        $rows = mysql_num_rows($rezultat);
        // BUG: mysql_num_rows() never returns a negative number (it returns false
        // when the query failed), so this branch is unreachable; a missing user
        // would be $rows==0 and currently produces no message at all.
        if($rows<0){ echo "user inexistent!";}
        if($rows>1){ echo "Ceva dubios s-a intamplat";}
        if($rows==1){
       // $result=$db->q("SELECT * FROM users WHERE password='$hash'");

         // Login succeeds only when the hash matches and the account is active (activ>0).
         while($row = mysql_fetch_array($rezultat)) if(strcmp($row['parola'],$hash)==0 && $row['activ']>0)
                // Debug leftover: writes the cookie value into the response body
                // as well as into the Set-Cookie header.
                {echo md5(md5($_POST['username'])).$hash;
                 // Cookie "pu" = md5(md5(username)) . md5(md5(password)), valid 1h, site-wide.
                 // NOTE(review): no HttpOnly/Secure flags, and the value is a stable
                 // credential-derived token rather than a random server-side one.
                 // session_regenerate_id() is also not called, so the pre-login
                 // session id is kept after authentication.
                 setcookie("pu", md5(md5($_POST['username'])).$hash, time()+3600,"/");
                    $_SESSION['user'] = $_POST['username'];
                     $_SESSION['pass'] = md5( md5($_POST['password']) ) ;
                     // grup: 1 = regular user, 0 = admin.
                     if( $row['grup'] == 1 )
                            $_SESSION['logat']="user";

                        if( $row['grup'] == 0)
                            $_SESSION['logat']="admin";
                            // Not part of the if above (no braces): runs for every successful login.
                            $_SESSION['id']=$row['ID'];

                            // Cache a serialized user object for the other actions below.
                            $user= new user();
                            $user->id=$_SESSION['id'];$user->name=$_SESSION['user'];$user->hash=md5( md5($_POST['password'])).md5(md5($_POST['username'])); $user->tip=$_SESSION['logat'];
                            $_SESSION['userc']=serialize($user);
                     }
                                       else echo "FAIL";


    }
    }///if rows ==1
    }
   
// Everything below requires an authenticated session; is_logat() (functions.php)
// is treated as positive-when-logged-in here.
$logat=  is_logat();
if($logat>0){
   // --- action=cauta_tel: phone-book lookup by name or number ------------------
   if(!strcmp($_GET['action'],"cauta_tel")){
        mysql_safer();

        // No search term: print the full listing and stop.
        if(!isset($_POST['cauta_tel']))
        {   list_tel (); exit;}

        echo "<ul>";
        $nume = $_POST['cauta_tel'];
        // The LIKE pattern is built from the raw term, so '%' and '_' in the
        // input act as wildcards.
        $sql_cauta = "Select nume, telefon from carte_telefon WHERE nume like '%".$nume."%' OR telefon = '".$nume."' ";
        // echo $sql_cauta;
        $rezultat = $class_db->q($sql_cauta);
        // BUG: this only detects a failed query. An empty result set is still a
        // valid resource, so "not found" is never shown for zero matches — the
        // list is simply empty. Check mysql_num_rows() == 0 for that case.
        if(!$rezultat)
            echo ("Nu exista acest nume/nr tel in cartea de telefon");
        else
        {
            // nume/telefon are emitted unescaped; wrap in htmlspecialchars() for HTML.
            while( $row =  mysql_fetch_array($rezultat) )
                echo "<li style='margin-left:20px;'>".$row['nume']." ".$row['telefon']."</li><br/>";

        }
       echo "</ul>";
   }
   
   // --- action=cauta_rez: filtered reservation search rendered as a table --------
   if(!strcmp($_GET['action'],"cauta_rez")){
        //print_r($_SESSION);
        mysql_safer();$do=0;
        $query="SELECT sali.nume,perioade.perioada,rezervari.data ,detalii_utilizatori.Nume,detalii_utilizatori.Prenume,rezervari.motiv FROM `rezervari` INNER JOIN `sali` ON rezervari.OID=sali.SID INNER JOIN `perioade` ON rezervari.PID=perioade.PID INNER JOIN `detalii_utilizatori` ON rezervari.UID=detalii_utilizatori.ID WHERE RID>0";
        // Each supplied filter appends an AND clause; $do records that at least one applied.
        if(isset($_POST['data']) && strlen($_POST['data'])>4) {$do=1; $query.=" AND data='".$_POST['data']."' " ; }
        if(isset($_POST['perioada']) && !empty($_POST['perioada'])) {$do=1; $query.=" AND rezervari.PID='".$_POST['perioada']."' " ; }
        if(isset($_POST['sala']) && !empty($_POST['sala'])) {$do=1; $query.=" AND SID='".$_POST['sala']."' " ; }
        if(isset($_POST['motiv']) && strlen($_POST['motiv'])>2) {$do=1; $query.=" AND  motiv like '%".$_POST['motiv']."%'";}
       // echo $query;
      //  print_r($_POST);
        // Refuse to run an unfiltered search.
        if($do>0){
        // NOTE: this <div> is never closed in the generated markup.
        $search="<div id='search_rez'>";
        // $user is restored here but not used in this branch.
        $user=unserialize($_SESSION['userc']);
        
        $query.="  ORDER BY data DESC";
        $result=$db->q($query);
        // Header row.
        $search.= "<table border='1'>";
        $search.= "<tr border='1'>";
         $search.=  "<td>";
                $search.=  "Sala";
                $search.=  "</td>";
                 $search.=  "<td>";
                $search.=  "Interval Orar";
                $search.=  "</td>";
                 $search.=  "<td>";
                $search.=  "Data";
                $search.=  "</td>";
                 $search.=  "<td>";
                $search.=  "Nume";
                $search.=  "</td>";
                 $search.=  "<td>";
                $search.=  "Prenume";
                $search.=  "</td>";
                 $search.=  "<td>";
                $search.=  "Motiv";
                $search.=  "</td>";
        $search.=  "</tr>";
        // $result is false when the query failed; skip the rows in that case.
        if(isset($result) && !empty($result) )
        while($rows = mysql_fetch_array($result)){
            $search.= "<tr>";
            //print_r($rows);
           /// foreach($rows as $row){
            // mysql_fetch_array() defaults to MYSQL_BOTH, so numeric indices 0..5
            // follow the SELECT list: sala, perioada, data, Nume, Prenume, motiv.
            // Cell contents are not HTML-escaped.
            for($i=0;$i<6;$i++){
                $search.=  "<td>";
                $search.=  $rows[$i];
                $search.=  "</td>";
            }
            $search.=  "</tr>";
            
                   }
         $search.= "</table>";
      // /$show="<p> Rezervarea inregistrata - in curand un administrator o va vizializa! </p> <br />";//
        }
        else {
            $search="<p> Data invalida sda! </p> <br />";
        }
        echo $search;
        
   }
   
   // --- action=add_rez: insert a reservation for the logged-in user --------------
   if(!strcmp($_GET['action'],"add_rez")){
       //echo "adaugam!";
      // print_r($_POST);
       // print_r($_SESSION);
        mysql_safer();
        // Minimal validation: 'data' longer than 4 chars, 'perioada' and 'sala'
        // non-empty. 'data' and 'motiv' are read without isset() (notice if absent).
        if(strlen($_POST['data'])>4 && !empty($_POST['perioada']) && !empty($_POST['sala'])){
        // The owning user id comes from the session object, not from the request.
        $user=unserialize($_SESSION['userc']);
        $query="INSERT INTO `rezervari` (`RID`, `UID`, `OID`, `PID`, `motiv`, `data`) VALUES (NULL, '$user->id', '".$_POST['sala']."', '".$_POST['perioada']."', '".$_POST['motiv']."', '".$_POST['data']."')";
       // echo $query;
        // Return value of q() is not checked; a failed insert still reports success.
        $db->q($query);
        $show="<p> Rezervarea inregistrata - in curand un administrator o va vizualiza! </p> <br />";
        
        }
        else {
            $show="<p> Date invalide! </p> <br />";
        }
        echo $show;
       
   }
   
   
   // --- action=cauta_down: search uploaded files by category / year / keyword ----
   if(!strcmp($_GET['action'],"cauta_down")){
    mysql_safer();
    //print_r($_POST);
    $show="";
    $sql_cauta="SELECT file_table.FID,file_table.nume,categorii.categorie,ani.an,file_table.descriere,file_table.type,utilizatori.username,file_table.data FROM file_table INNER JOIN categorii ON file_table.CAT=categorii.CID INNER JOIN ani ON file_table.AN=ani.AID INNER JOIN utilizatori ON file_table.UID=utilizatori.ID WHERE FID>0";
    // $do is assigned here but, unlike cauta_rez, never checked: with no filters
    // every file is listed.
    if(isset($_POST['categoria']) && !empty($_POST['categoria'])) {$do=1; $sql_cauta.=" AND file_table.CAT='".$_POST['categoria']."' " ; }
    if(isset($_POST['an']) && !empty($_POST['an'])) {$do=1; $sql_cauta.=" AND file_table.AN='".$_POST['an']."' " ; }
    if(isset($_POST['keyw']) && !empty($_POST['keyw'])) {$do=1; $sql_cauta.=" AND ( file_table.nume like '%".$_POST['keyw']."%' OR file_table.descriere like '%".$_POST['keyw']."%')" ; }
    //echo $sql_cauta;
    $show.= "<table style='width:550px;'>";
    $rezultat = $db->q($sql_cauta);
        // As in cauta_tel: only a failed query reaches the "nothing found"
        // message; an empty result set yields a header-only table.
        if(!$rezultat)
           $show.= "N-am gasit nimic!  :(";
        else
        {
            // Header row.
            $show.="<tr>";
                    $show.="<td >";
                    $show.="ID";
                    $show.="</td>";
                    $show.="<td >";
                    $show.="Nume";
                    $show.="</td>";
                    $show.="<td >";
                    $show.="Categorie";
                    $show.="</td>";
                    $show.="<td >";
                    $show.="An";
                    $show.="</td>";
                    $show.="<td >";
                    $show.="Descriere";
                    $show.="</td>";
                    $show.="<td >";
                    $show.="Tipul";
                    $show.="</td>";
                    $show.="<td >";
                    $show.="Uploader";
                    $show.="</td>";
                    $show.="<td >";
                    $show.="data";
                    $show.="</td>";
                
           $show.="</tr>";
            
            
            while( $row =  mysql_fetch_array($rezultat) )
            {
                $show.="<tr>";
                // Numeric indices 0..7 follow the SELECT list: FID, nume, categorie,
                // an, descriere, type, username, data.
                for($i=0;$i<8;$i++){
                   $elem=$row[$i];
                    $show.="<td >";
                    // Column 0 (FID) is kept so column 1 can link to it; list_meta()
                    // (functions.php) supplies the tooltip text.
                    if($i==0) {$fid = $row[$i];$title=list_meta($fid);}
                    // TYPO: 'tile' should be 'title'. $fid and $title are interpolated
                    // into attributes unescaped.
                    if($i==1) $show.= "<a href='down_show.php?id=$fid' tile='$title' >";
                    $show.="$elem";
                    if($i==1) $show.= "</a>";
                    $show.="</td>";
                }
                $show.="</tr>";
            }

        }
        
    
    $show.= "</table>";
    echo $show;
}


// --- action=add_com: attach a comment to a file -------------------------------
if(!strcmp($_GET['action'],"add_com")){
       //echo "adaugam!";
      // print_r($_POST);
       // print_r($_SESSION);
        mysql_safer();
        // Comment must be longer than 4 chars and 'fid' present. The length
        // check runs on the untrimmed text; trim() is applied only afterwards.
        if(strlen($_POST['com'])>4 && !empty($_POST['fid']) && !empty($_POST['com'])){
        $user=unserialize($_SESSION['userc']);
        $_POST['com']=trim($_POST['com']);
        // 'data' is the server's local date (date() without explicit timezone).
        $query="INSERT INTO `comentarii` (`COMID`, `COM`, `FID`, `UID`, `data`) VALUES (NULL, '".$_POST['com']."', '".$_POST['fid']."', '$user->id', '".date("Y-m-d", time())."')";
       // echo $query;
        // Return value of q() is not checked; a failed insert still reports success.
        $db->q($query);
        $show="<p> Commentariu adaugat!</p> <br />";
        
        }
        else {
            $show="<p> Date invalide! </p> <br />";
        }
        echo $show;
       
   }
   

  
   
}////end logat
}
// The closing tag plus trailing newline emits whitespace into the response;
// omit '?>' in PHP-only files.
?>
